Antoonpurnal

**Name of the Vulnerable Software and Affected Versions** liboqs versions prior to 0.10.1 **Description** A control-flow timing issue has been identified in the reference implementation of the Kyber key encapsulation mechanism in liboqs, a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. This issue can be exploited to leak secret information. A proof-of-concept local attack can leak the entire ML-KEM 512 secret key in approximately 10 minutes using end-to-end decapsulation timing measurements. **Recommendations** For versions prior to 0.10.1, update to version 0.10.1 to resolve the issue. As a temporary workaround, consider using compiler options that may produce vectorized code, which does not leak secret information, however, relying on these compiler options as a workaround may not be reliable.